author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:17:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:17:31 +0000 |
commit | f66ab8dae2f3d0418759f81a3a64dc9517a62449 (patch) | |
tree | fbff2135e7013f196b891bbde54618eb050e4aaf /library/Director/CoreBeta | |
parent | Initial commit. (diff) | |
Adding upstream version 1.10.2.upstream/1.10.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'library/Director/CoreBeta')
-rw-r--r-- | library/Director/CoreBeta/ApiStream.php | 57 | ||||
-rw-r--r-- | library/Director/CoreBeta/Stream.php | 17 | ||||
-rw-r--r-- | library/Director/CoreBeta/StreamContext.php | 89 | ||||
-rw-r--r-- | library/Director/CoreBeta/StreamContextSslOptions.php | 52 |
4 files changed, 215 insertions, 0 deletions
diff --git a/library/Director/CoreBeta/ApiStream.php b/library/Director/CoreBeta/ApiStream.php
new file mode 100644
index 0000000..478fd40
--- /dev/null
+++ b/library/Director/CoreBeta/ApiStream.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Exception;
+
+class ApiClient extends Stream
+{
+ protected $port;
+
+ public static function create($peer, $port = 5665)
+ {
+ $stream = new static();
+ }
+
+ protected function createClientConnection()
+ {
+ $context = $this->createSslContext();
+ if ($context === false) {
+ echo "Unable to set SSL options\n";
+ return false;
+ }
+
+ $conn = stream_socket_client(
+ 'ssl://' . $this->peername . ':' . $this->peerport,
+ $errno,
+ $errstr,
+ 15,
+ STREAM_CLIENT_CONNECT,
+ $context
+ );
+
+ return $conn;
+ }
+
+ protected function createSslContext()
+ {
+ $local = 'ssl://' . $this->local;
+ $context = stream_context_create();
+
+ // Hack, we need key and cert:
+ $certfile = preg_replace('~\..+$~', '', $this->certname) . '.combi';
+
+ $options = array(
+ 'ssl' => array(
+ 'verify_host' => true,
+ 'cafile' => $this->ssldir . '/ca.crt',
+ 'local_cert' => $this->ssldir . '/' . $certfile,
+ 'CN_match' => 'monitor1',
+ )
+ );
+
+ $result = stream_context_set_option($context, $options);
+
+ return $context;
+ }
+}
diff --git a/library/Director/CoreBeta/Stream.php b/library/Director/CoreBeta/Stream.php
new file mode 100644
index 0000000..5add9a3
--- /dev/null
+++ b/library/Director/CoreBeta/Stream.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+abstract class Stream
+{
+ protected $stream;
+
+ protected $buffer = '';
+
+ protected $bufferLength = 0;
+
+ protected function __construct($stream)
+ {
+ $this->stream = $stream;
+ }
+}
diff --git a/library/Director/CoreBeta/StreamContext.php b/library/Director/CoreBeta/StreamContext.php
new file mode 100644
index 0000000..4844b79
--- /dev/null
+++ b/library/Director/CoreBeta/StreamContext.php
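Review bot: In `ApiClient::createSslContext()` (ApiStream.php) the `ssl` array relies on `'verify_host' => true`, which is not an SSL context option PHP recognises, and on `CN_match`, which PHP 5.6 replaced with `peer_name`; certificate and host-name checking is therefore left to the defaults of the running PHP, and `verify_peer` defaulted to off before 5.6. I would state the checks explicitly with `'verify_peer' => true,`, `'verify_peer_name' => true,` and `'peer_name' => $this->peername,` (or whichever property holds the expected certificate name) in place of the hard-coded `'monitor1'`. The return value of `stream_context_set_option()` is stored in `$result` and never read, so the `$context === false` branch in `createClientConnection()` cannot fire; returning `false` when `$result` is false would make that guard meaningful. The same array is copied into `StreamContext::createSslContext()` later in this commit and needs the same change.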
@@ -0,0 +1,89 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Icinga\Exception\ProgrammingError;
+
+class StreamContext
+{
+ protected $options = array();
+
+ public function ssl()
+ {
+ if ($this->ssl === null) {
+ $this->ssl = new StreamContextSslOptions();
+ }
+
+ return $this->ssl;
+ }
+
+ public function isSsl()
+ {
+ return $this->ssl !== null;
+ }
+
+ public function setCA(CA $ca)
+ {
+ // $this->options
+ }
+
+ protected function createSslContext()
+ {
+ $local = 'ssl://' . $this->local;
+ $context = stream_context_create();
+
+ // Hack, we need key and cert:
+ $certfile = preg_replace('~\..+$~', '', $this->certname) . '.combi';
+
+ $options = array(
+ 'ssl' => array(
+ 'verify_host' => true,
+ 'cafile' => $this->ssldir . '/ca.crt',
+ 'local_cert' => $this->ssldir . '/' . $certfile,
+ 'CN_match' => 'monitor1',
+ )
+ );
+
+ $result = stream_context_set_option($context, $options);
+
+ return $context;
+ }
+
+ public function setContextOptions($options)
+ {
+ if (array_key_exists('ssl', $options)) {
+ throw new ProgrammingError('Direct access to ssl options is not allowed');
+ }
+ }
+
+ protected function reallySetContextOptions($options)
+ {
+ if ($this->context === null) {
+ $this->options = $options;
+ } else {
+ stream_context_set_option($this->context, $options);
+ }
+ }
+
+ protected function lazyContext()
+ {
+ if ($this->context === null) {
+ $this->context = stream_context_create();
+ $this->setContextOptions($this->getOptions());
+
+ // stream_context_set_option($this->context
+ if ($this->isSsl()) {
+ $this->options['ssl'] = $this->ssl()->getOptions();
+ }
+
+ $result = stream_context_set_option($this->context, $this->options);
+ }
+
+ return $this->context;
+ }
+
+ public function getRawContext()
+ {
+ return $this->lazyContext();
+ }
+}
diff --git a/library/Director/CoreBeta/StreamContextSslOptions.php b/library/Director/CoreBeta/StreamContextSslOptions.php
new file mode 100644
index 0000000..d01d4a5
--- /dev/null
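Review bot: `lazyContext()` in StreamContext.php calls `$this->getOptions()`, but this file defines no such method and the class extends nothing, so the first `getRawContext()` call would stop with an undefined-method error before any context is returned. `setContextOptions()` only rejects an `ssl` key and never stores what it was given; it presumably should end with `$this->reallySetContextOptions($options);`. The result of the final `stream_context_set_option()` is also dropped, so a context whose TLS options were not applied would still be handed out; I would add `if (! $result) { throw new ProgrammingError('Unable to apply stream context options'); }` after it. `$ssl` and `$context` are read and written but never declared, and `protected $ssl;` and `protected $context;` next to `$options` would make it explicit that both start as null.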
+++ b/library/Director/CoreBeta/StreamContextSslOptions.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Icinga\Module\Director\CoreBeta;
+
+use Icinga\Exception\ProgrammingError;
+
+class StreamContextSslOptions
+{
+ protected $options = array(
+ 'verify_peer' => true,
+ );
+
+ public function setCA(CA $ca)
+ {
+ $this->ca = $ca;
+ }
+
+ public function capturePeerCert($capture = true)
+ {
+ $this->options['capture_peer_cert'] = (bool) $capture;
+ return $this;
+ }
+
+ public function capturePeerChain($capture = true)
+ {
+ $this->options['capture_peer_chain'] = (bool) $capture;
+ return $this;
+ }
+
+ public function setCiphers($ciphers)
+ {
+ $this->options['ciphers'] = $ciphers;
+ return $this;
+ }
+
+ public function setPeerName($name)
+ {
+ if (version_compare(PHP_VERSION, '5.6.0') >= 0) {
+ $this->options['peer_name'] = $name;
+ $this->options['verify_peer_name'] = true;
+ } else {
+ $this->options['CN_match'] = $name;
+ }
+ return $this;
+ }
+
+ public function getOptions()
+ {
+ // TODO: Fail on missing cert
+ return $this->options;
+ }
+}
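Review bot: `capturePeerChain()` sets `capture_peer_chain`, while the option PHP reads is `capture_peer_cert_chain`, so the request is silently ignored and callers never receive the chain; the line should read `$this->options['capture_peer_cert_chain'] = (bool) $capture;`. `setCA()` stores the CA in an undeclared `$ca` property, yet `getOptions()` never turns it into a `cafile` or `capath` entry, so with `verify_peer` on the peer would presumably be checked against PHP's default trust store rather than the intended CA. The `CA` type hint has no `use` line and the diffstat for this directory lists no such class, so it may not resolve at call time. `setCA()` is also the only setter here that does not `return $this;`, which breaks the fluent style the other methods follow.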